Visible to Intel only — GUID: jtm1579137185228
Ixiasoft
3.1. Installing PACSign
3.2. PACSign Tool
3.3. Creating Unsigned Images
3.4. Using an HSM Manager
3.5. Creating Keys
3.6. Root Entry Hash Bitstream Creation
3.7. Signing Images
3.8. Creating a CSK ID Cancellation Bitstream
3.9. PACSign PKCS11 Manager *.json Reference
3.10. Creating a Custom HSM Manager
3.11. PACSign Man Page
Visible to Intel only — GUID: jtm1579137185228
Ixiasoft
3.7.1.2.1. Example: Creating a Signed .aocx File Using OpenSSL Manager
Command syntax:
$AOCL_BOARD_PACKAGE_ROOT/linux64/libexec/sign_aocx.sh -H openssl_manager \ -i <path_to_input_file/input_filename.aocx> -r <rootpublickey.pem> \ -k <cskkey.pem> -o <path_to_output_file/output_filename.aocx>
Example output, signing vector_add.aocx:
$ $AOCL_BOARD_PACKAGE_ROOT/linux64/libexec/sign_aocx.sh -H openssl_manager \ -i vector_add.aocx -r ../openssl_keys_1_2_1/key_pr_root_public_key.pem \ -k ../openssl_keys_1_2_1/key_pr_csk2_public_key.pem -o signed_06_vector.aocx The script assumes the PACsign and Intel Acceleration Stack environment is setup. If not run the command : <stack_installation_path>/init_env.sh hsm_manager=openssl_manager aocx filename/path=vector_add.aocx root_public_key=../openssl_keys_1_2_1/key_pr_root_public_key.pem csk_public_key=../openssl_keys_1_2_1/key_pr_csk2_public_key.pem output filename/path=signed_06_vector.aocx openssl hsm_manager_options=openssl_manager input path =. input filename =vector_add.aocx output path =. output filename =signed_06_vector.aocx Extracted the filename as signed_06_vector 1. Extracted the bin from the aocx 2. Extracted the gzip compressed GBS file from the .bin 3. Uncompressed .gz it to get the GBS file Initiating PACSign tool to sign the GBS. This process will take a couple of minutes... Creating signed aocx file by signing the provided keys 2020-01-06 16:08:20,125 - PACSign.log - WARNING - Bitstream is already signed - removing signature blocks 4. Signed the GBS 5. Compressed the gbs file 6. Added the signed gzip file to fpga.bin 7. Added the fpga.bin file back into aocx file The signed file signed_06_vector.aocx has been generated. Use the command aocl program <device_name> <filename>.aocx to program it on the FPGA card
The following message indicates that your output signed bitstream is successfully created:
The signed file <output_filename>.aocx has been generated. Use the command aocl program <device_name> <filename>.aocx to program it on the FPGA card